Presentation is loading. Please wait.

Presentation is loading. Please wait.

THE IMPORTANCE OF USER ACCESS CONTROL

Published byΜύρων Μαρής Modified over 5 years ago

Similar presentations

Presentation on theme: "THE IMPORTANCE OF USER ACCESS CONTROL"— Presentation transcript:

1 THE IMPORTANCE OF USER ACCESS CONTROL
And Why I Recommend RBAC (ROLE BASED ACCESS CONTROL)

2 USER ACCESS CONTROL IS CRITICAL
SARBANES OXLEY (SOX) law passed in to protect investors from fraud, applies to ALL publicly held companies; some sections apply to privately held companies. Failure of privately owned companies to follow Sarbanes Oxley guidelines can derail future plans for taking company public and/or selling business to a privately owned company. A Key Principle of SARBANES OXLEY is User Access Control

3 WHAT IS USER ACCESS CONTROL?
A way to ensure segregation of duties It takes more than one person to complete a task Internal controls to help prevent error Makes it harder for individuals to commit fraud

4 Access Control As It Relates To User Identity
Minimum Access – users should have access to ONLY the data that they need to perform their job Users need full access to data that they need to be able to manipulate (create, modify, save) Provide Read-only access to data created by other people users need in order to do their job.

5 Individual Access vs Role Based Access
Possible to setup individual access for each user especially in smaller companies More desirable to create user roles based on job description As you add new employees, simply assign them appropriate role rather than create individualized access When employees change departments simply change role to which they are assigned

6 Advantages & Disadvantages of RBAC
Advantage: Easy Scalabilty Advantage: Less Administration Required; Saves time Disadvantage: Less flexibility; can’t override access permissions Disadvantage: Can be a nightmare if organization is not well structured

7 RBAC is Best User Access Control System
RBAC is the best way to manage user access if your organization has a clear structure, clear job descriptions, and a management team willing to enforce the roles. Not using Role Based Access Controls can make it harder to grow the company, and to sell the company in the future. A good Role Based Access Control can save time and money. It can also help protect the company from fraud.

Download ppt "THE IMPORTANCE OF USER ACCESS CONTROL"

Similar presentations

An Internal Control Overview

An Internal Control Overview
Use Case Development Social Journey Template. A “Use Case” is simply a defined way of using Yammer to accomplish a goal or complete a task. Define the.

Use Case Development Social Journey Template. A “Use Case” is simply a defined way of using Yammer to accomplish a goal or complete a task. Define the.
Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.
Dashboard Company Settings Controlled Online Accounting.

Dashboard Company Settings Controlled Online Accounting.
Be An Effective Manager

Be An Effective Manager
VENDORS, CONSULTANTS AND USERS

VENDORS, CONSULTANTS AND USERS
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.
Segregation of Duties for Infor-Lawson Software 1.

Segregation of Duties for Infor-Lawson Software 1.
CSCE 201 Introduction to Information Security Fall 2010 Access Control.

CSCE 201 Introduction to Information Security Fall 2010 Access Control.
Section 11.1 Management Structures

Section 11.1 Management Structures
Information Systems Security

Information Systems Security
Learning Objectives Understand the Business – LO1 Distinguish among service, merchandising, and manufacturing operations. – LO2 Explain common principles.

Learning Objectives Understand the Business – LO1 Distinguish among service, merchandising, and manufacturing operations. – LO2 Explain common principles.
 https://asana.com/guide/basics/start/w hy-asana https://asana.com/guide/basics/start/w hy-asana.

 hy-asana hy-asana.
Chapter 13 Types of Project Organizations. 222 Learning Objectives The characteristics of the three types of organization structures: - functional - project.

Chapter 13 Types of Project Organizations. 222 Learning Objectives The characteristics of the three types of organization structures: - functional - project.
Corporate Structure for Businesses NOTES. Principles of Effective Companies There is a clear reporting relationship for ALL staff The right to make decisions.

Corporate Structure for Businesses NOTES. Principles of Effective Companies There is a clear reporting relationship for ALL staff The right to make decisions.
Facilitate by: Mr. Meas Kheang Administration and finance Manager

Facilitate by: Mr. Meas Kheang Administration and finance Manager
Why is an Employee Information Management System Important for your Business?

Why is an Employee Information Management System Important for your Business?
Delegation in the workplace PRESENTED BY: STEPHEN SHROPSHIRE JENNIFER MARLOW.

Delegation in the workplace PRESENTED BY: STEPHEN SHROPSHIRE JENNIFER MARLOW.
Kara O’Bannon Spalding University September 2015 Training Consultant.

Kara O’Bannon Spalding University September 2015 Training Consultant.

Similar presentations

Ads by Google